Commit a08f329b authored Jun 25, 2020 by Kees Cook Committed by Prasad Sodagudi Jul 17, 2020

UPSTREAM: lkdtm/heap: Avoid edge and middle of slabs



Har har, after I moved the slab freelist pointer into the middle of the
slab, now it looks like the contents are getting poisoned. Adjust the
test to avoid the freelist pointer again.

Fixes: 3202fa62fb43 ("slub: relocate freelist pointer to middle of object")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20200625203704.317097-3-keescook@chromium.org


Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
bug: 156889933
(cherry picked from commit e12145cf1c3a8077e6d9f575711e38dd7d8a3ebc)

Change-Id: Iad65d562dcd0efbda569ae47f015ec8d1ccaef41
Signed-off-by: Prasad Sodagudi <psodagud@codeaurora.org>

parent c1b8f43d

drivers/misc/lkdtm/heap.c

+5 −4

Original line number	Diff line number	Diff line
		@@ -58,11 +58,12 @@ void lkdtm_READ_AFTER_FREE(void)
		int base, val, saw;
		size_t len = 1024;
		/*
		* The slub allocator uses the first word to store the free
		* pointer in some configurations. Use the middle of the
		* allocation to avoid running into the freelist
		* The slub allocator will use the either the first word or
		* the middle of the allocation to store the free pointer,
		* depending on configurations. Store in the second word to
		* avoid running into the freelist.
		*/
		size_t offset = (len / sizeof(*base)) / 2;
		size_t offset = sizeof(*base);

		base = kmalloc(len, GFP_KERNEL);
		if (!base) {